On 1/10/20 12:42 PM, Peter Krempa wrote:
The currently existing virsh APIs for secrets are awful for human use and don't promote security.

Peter Krempa (4):
  virsh: secret: Add 'secret-passwd' command
  virsh: secret: Allow getting secret's value without base64 encoding
  virsh: secret: Allow setting secrets from file
  docs: secret: Unify and sanitize examples on how to set secret value

 docs/formatsecret.html.in | 86 ++++++++++++++++++----------
 docs/manpages/virsh.rst   | 26 ++++++++-
 tools/virsh-secret.c      | 116 ++++++++++++++++++++++++++++++++++++--
 3 files changed, 189 insertions(+), 39 deletions(-)

Code-wise LGTM. I have a question about the design though.

Shouldn't we ask for a password confirmation when setting the secret via secret-passwd? This would be more on par with how 'passwd' works in Linux, and can also help to prevent user typos when setting a secret.

Thanks,

DHB